SB20240731118 - Integer overflow in Linux kernel mm
Published: July 31, 2024 Updated: May 12, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2024-42131)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290
- https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2
- https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc
- https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0
- https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805
- https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.320
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.282
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.39